Three months ago, an average of six paid AI accounts were sold each day on the criminal marketplaces KasadaIQ monitors. In Q1 2026, that number was 3,845, a 640x increase against essentially flat supply. It's the clearest signal we've seen that premium AI capabilities are no longer an adversary experiment, but operational infrastructure.
The Q1 2026 KasadaIQ Threat Intelligence Report unpacks what that shift means across the automated threat landscape. It's not the story most of the industry is telling. Most vendors are still framing AI as a tactic: something adversaries use to write better phishing emails or generate better lures. KasadaIQ's data says something more fundamental has happened.
AI as a tool, a target, and a commodity
Adversaries are now running on AI.
As a tool, AI is maturing fast in adversary hands. In Q1, KasadaIQ observed a surge of novices in botting communities citing "vibe coding" and no-code agent builders as enablers, with some claiming to have produced functional bots in under an hour. Mentions of AI skills in adversary job ads across communities KasadaIQ monitors jumped 248% year-on-year. At the same time, a stigma-like hesitancy toward AI persists among seasoned developers. Some fraud operators still rely on spreadsheets. The barrier to entry is falling fast, but unevenly.
As a target, AI systems are creating new attack surfaces. KasadaIQ is tracking an emerging class of threats aimed at AI agents themselves: commercialized memory poisoning toolkits, infostealers developed specifically to exfiltrate AI agent configuration files and campaigns designed to harvest the content of AI prompts and generated outputs. The threat model has expanded from stealing what agents know to hijacking what agents can do.
As a commodity, AI accounts themselves have become high-value merchandise. That's the 640x number. Adversaries are paying for premium AI access at scale because free-tier capabilities aren't enough anymore.

